From fc71412589a6836bd005947e9fd117b95c589c78 Mon Sep 17 00:00:00 2001
From: jsing <jsing@openbsd.org>
Date: Sun, 30 Apr 2017 04:21:53 +0000
Subject: [PATCH] Switch back to freezero() and explicitly initialise data_len
 to zero. The previous code was safe since data would always be NULL if
 data_len was uninitialised, however compilers cannot know this.

---
 lib/libssl/ssl_asn1.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/lib/libssl/ssl_asn1.c b/lib/libssl/ssl_asn1.c
index b27be00abea..fc252feb998 100644
--- a/lib/libssl/ssl_asn1.c
+++ b/lib/libssl/ssl_asn1.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_asn1.c,v 1.53 2017/04/16 06:26:55 otto Exp $ */
+/* $OpenBSD: ssl_asn1.c,v 1.54 2017/04/30 04:21:53 jsing Exp $ */
 
 /*
  * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
@@ -52,8 +52,8 @@ i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
 	CBB peer_cert, sidctx, verify_result, hostname, lifetime, ticket;
 	CBB value;
 	unsigned char *data = NULL, *peer_cert_bytes = NULL;
+	size_t data_len = 0;
 	int len, rv = -1;
-	size_t data_len;
 	uint16_t cid;
 
 	if (s == NULL)
@@ -205,12 +205,9 @@ i2d_SSL_SESSION(SSL_SESSION *s, unsigned char **pp)
 	rv = (int)data_len;
 
  err:
-	if (data != NULL)
-		explicit_bzero(data, data_len);
-
 	CBB_cleanup(&session);
+	freezero(data, data_len);
 	free(peer_cert_bytes);
-	free(data);
 
 	return rv;
 }
-- 
2.20.1